#!/bin/sh
#
# These are setup examples for OpenBSD.  So far there are only transport
# mode examples because this SparcStation only has one ethernet I/F.

gw1=192.168.2.105
gw2=192.168.2.110
hostmask=255.255.255.255
default=0.0.0.0

iv=1000000000000001

case "$1" in

#
# The ENCDEBUG macro must be defined before these two will work.
#

debug)
	sysctl -w net.ipsec.encap.encdebug=1
;;
nodebug)
	sysctl -w net.ipsec.encap.encdebug=0
;;

trahmd5)
	ipsecadm new ah -auth md5 -spi 545 -src $gw1 -dst $gw2 \
		-key 81828384858687888990919293949596
	rt $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 545 0
	rt $default $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 545 0
	ipsecadm new ah -auth md5 -spi 555 -src $gw2 -dst $gw1 \
		-key 979899a0a1a2a3a4a5a6a7a8a9b0b1b2
;;
trahmd5del)
	ipsecadm delspi -spi 545 -dst $gw2 
	rtdelete $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1
	rtdelete $default $hostmask $gw2 $hostmask \
		-1 -1 -1
	ipsecadm delspi -spi 555 -dst $gw1
;;

trahsha1)
	ipsecadm new ah -auth sha1 -spi 585 -src $gw1 -dst $gw2 \
		-key 0a0b0c0d0e0f1a1b1c1d1e1f2a2b2c2d2e2f3a3b
	rt $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 585 0
	rt $default $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 585 0
	ipsecadm new ah -auth sha1 -spi 595 -src $gw2 -dst $gw1 \
		-key 3c3d3e3f4a4b4c4d4e4f5a5b5c5d5e5f6a6b6c6d
;;
trahsha1del)
	ipsecadm delspi -spi 585 -dst $gw2 
	rtdelete $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1
	rtdelete $default $hostmask $gw2 $hostmask \
		-1 -1 -1
	ipsecadm delspi -spi 595 -dst $gw1
;;

tresp3desmd5)
	ipsecadm -enc 3des -auth md5 -spi 525 -src $gw1 -dst $gw2 \
		-key 010203040506070809101112131415161718192021222324 \
		-authkey 25262728293031323334353637383940 -iv $iv
	rt $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 525 1
	rt $default $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 525 1
	ipsecadm -enc 3des -auth md5 -spi 535 -src $gw2 -dst $gw1 \
		-key 414243444546474849505152535455565758596061626364 \
		-authkey 65666768697071727374757677787980 -iv $iv
;;
tresp3desmd5del)
	ipsecadm delspi -spi 525 -dst $gw2 
	rtdelete $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1
	rtdelete $default $hostmask $gw2 $hostmask \
		-1 -1 -1
	ipsecadm delspi -spi 535 -dst $gw1
;;

tresp3des)
	ipsecadm -enc 3des -spi 525 -src $gw1 -dst $gw2 \
		-key 010203040506070809101112131415161718192021222324 \
		-iv $iv
	rt $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 525 1
	rt $default $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 525 1
	ipsecadm -enc 3des -spi 535 -src $gw2 -dst $gw1 \
		-key 414243444546474849505152535455565758596061626364 \
		-iv $iv
;;
tresp3desdel)
	ipsecadm delspi -spi 525 -dst $gw2 
	rtdelete $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1
	rtdelete $default $hostmask $gw2 $hostmask \
		-1 -1 -1
	ipsecadm delspi -spi 535 -dst $gw1
;;

tresp3dessha1)
	ipsecadm -enc 3des -auth sha1 -spi 525 -src $gw1 -dst $gw2 \
		-key 010203040506070809101112131415161718192021222324 \
		-authkey 2526272829303132333435363738394041424344 -iv $iv
	rt $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 525 1
	rt $default $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 525 1
	ipsecadm -enc 3des -auth sha1 -spi 535 -src $gw2 -dst $gw1 \
		-key 414243444546474849505152535455565758596061626364 \
		-authkey 6566676869707172737475767778798081828384 -iv $iv
;;
tresp3dessha1del)
	ipsecadm delspi -spi 525 -dst $gw2 
	rtdelete $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1
	rtdelete $default $hostmask $gw2 $hostmask \
		-1 -1 -1
	ipsecadm delspi -spi 535 -dst $gw1
;;

trespdesmd5)
	ipsecadm -enc des -auth md5 -spi 565 -src $gw1 -dst $gw2 \
		-key b3b4b5b6b7b8b9c0 -iv $iv \
		-authkey c1c2c3c4c5c6c7c8c9d0d1d2d3d4d5d6
	rt $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 565 1
	rt $default $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 565 1
	ipsecadm -enc des -auth md5 -spi 575 -src $gw2 -dst $gw1 \
		-key d7d8d9e0e1e2e3e4 \
		-authkey e5e6e7e8e9f0f1f2f3f4f5f6f7f8f900 -iv $iv
;;
trespdesmd5del)
	ipsecadm delspi -spi 565 -dst $gw2 
	rtdelete $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1
	rtdelete $default $hostmask $gw2 $hostmask \
		-1 -1 -1
	ipsecadm delspi -spi 575 -dst $gw1
;;

trespdes)
	ipsecadm -enc des -spi 565 -src $gw1 -dst $gw2 \
		-key b3b4b5b6b7b8b9c0 -iv $iv
	rt $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 565 1
	rt $default $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 565 1
	ipsecadm -enc des -spi 575 -src $gw2 -dst $gw1 \
		-key d7d8d9e0e1e2e3e4 -iv $iv
;;
trespdesdel)
	ipsecadm delspi -spi 565 -dst $gw2 
	rtdelete $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1
	rtdelete $default $hostmask $gw2 $hostmask \
		-1 -1 -1
	ipsecadm delspi -spi 575 -dst $gw1
;;

trespdessha1)
	ipsecadm -enc des -auth sha1 -spi 565 -src $gw1 -dst $gw2 \
		-key b3b4b5b6b7b8b9c0 -iv $iv \
		-authkey c1c2c3c4c5c6c7c8c9d0d1d2d3d4d5d6d7d8d9e0
	rt $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 565 1
	rt $default $hostmask $gw2 $hostmask \
		-1 -1 -1 $gw2 565 1
	ipsecadm -enc des -auth sha1 -spi 575 -src $gw2 -dst $gw1 \
		-key d7d8d9e0e1e2e3e4 -iv $iv \
		-authkey e5e6e7e8e9f0f1f2f3f4f5f6f7f8f90001020304
;;
trespdessha1del)
	ipsecadm delspi -spi 565 -dst $gw2 
	rtdelete $gw1 $hostmask $gw2 $hostmask \
		-1 -1 -1
	rtdelete $default $hostmask $gw2 $hostmask \
		-1 -1 -1
	ipsecadm delspi -spi 575 -dst $gw1
;;

esac
